- Disabling the SSID broadcast. To some extent this makes it difficult for the hacker to detect the presence of a WiFi access point.
- Enable MAC address filter. Each network interface has a unique MAC address, by filtering it, one can to an extent control which machines can use the access point.
- Turn on WPA/WEP encryption. This ensures that traffic between a legitimate machine and an access point is not readable.
- Change default admin passwords for access points.
- Ensure access points are placed securely. In the centre of a room/office etc to minimize its signal strength outside the office.
Even after following the above precautions, your WiFI account could be compromised and hence, the things to look at are:
- Monitor usage of the access point. Have a clear inventory and knowledge about the position of each access point.
- Monitor the usage of the Internet link, to know what traffic is going out. For example, some corporate block e-mail providers like yahoo or hotmail. Hence, even if the access point is compromised, the hacker may not be able to use public e-mail systems.
- Consider a specific security policy for wireless networks. For example, most companies primarily use wired networks in the office as the primary media. Access points are used in common areas like conferences rooms etc. Hence, strict policies can be deployed on wireless networks as compared to wired networks.